Execution Layer Setup

The execution layer handles transaction processing, smart contract execution, and maintains the Ethereum Virtual Machine (EVM) state. Inception uses Geth (Go Ethereum) as the execution client.

Prerequisites

Before starting, ensure you have:

A server meeting the hardware requirements
Root or sudo access to the server
Basic command line familiarity
Firewall configured to allow necessary ports

Installing Geth

Ubuntu/Debian

# Add Ethereum PPA
sudo add-apt-repository -y ppa:ethereum/ethereum
sudo apt-get update

# Install Geth
sudo apt-get install -y geth

# Verify installation
geth version

Build from Source

# Install dependencies
sudo apt-get install -y build-essential git

# Clone Geth repository
git clone https://github.com/ethereum/go-ethereum.git
cd go-ethereum

# Build Geth
make geth

# Copy binary to system path
sudo cp build/bin/geth /usr/local/bin/

# Verify installation
geth version

Initialize Geth

Before running Geth, you need to initialize it with the Inception genesis configuration.

Download Genesis File

# Create Inception data directory
mkdir -p ~/inception-data

# Download Inception genesis.json
# Check the Transparency & Addresses page for the latest genesis file
wget -O ~/inception-data/genesis.json https://inceptionera.com/genesis.json

# Initialize Geth with genesis file
geth init --datadir ~/inception-data ~/inception-data/genesis.json

Genesis File

The genesis file is published on the Transparency & Addresses page. Always verify checksums before using.

Generate JWT Secret

The Engine API requires a JWT secret for authenticated communication between the execution and consensus layers.

# Generate JWT secret
openssl rand -hex 32 | tr -d "\n" > ~/inception-data/jwt.hex

# Set proper permissions
chmod 600 ~/inception-data/jwt.hex

JWT Secret

Keep this JWT secret file secure. Both your execution and consensus clients need to use the same JWT secret file.

Running Geth

Command Line

Here's the basic command to run Geth for Inception:

geth \
  --datadir ~/inception-data \
  --networkid 1805 \
  --http \
  --http.addr 127.0.0.1 \
  --http.port 8545 \
  --http.api eth,net,web3 \
  --ws \
  --ws.addr 127.0.0.1 \
  --ws.port 8546 \
  --ws.api eth,net,web3 \
  --authrpc.addr 127.0.0.1 \
  --authrpc.port 8551 \
  --authrpc.jwtsecret ~/inception-data/jwt.hex \
  --syncmode snap \
  --gcmode archive \
  --bootnodes "enode://[BOOTNODE_1]@ip:port,enode://[BOOTNODE_2]@ip:port"

Flag explanations:

--datadir: Directory for blockchain data
--networkid: Inception chain ID (1805)
--http.*: HTTP RPC endpoint (keep on localhost!)
--ws.*: WebSocket RPC endpoint (keep on localhost!)
--authrpc.*: Engine API for consensus layer communication
--authrpc.jwtsecret: Path to JWT secret file
--syncmode snap: Fast sync mode
--gcmode archive: Garbage collection mode (validators should use full for optimal performance)
--bootnodes: Inception network bootnode addresses

Validator GC Mode

Validators should use --gcmode full rather than archive to reduce storage requirements while maintaining all necessary state data.

Critical Security

Never expose the Engine API (port 8551), HTTP RPC (8545), or WS RPC (8546) to the public internet. Bind them to 127.0.0.1 and use a shared jwt.hex file for EL↔CL authentication.

Systemd Service

For production, run Geth as a systemd service:

# Create service file
sudo nano /etc/systemd/system/geth-inception.service

Add this content:

[Unit]
Description=Inception Geth Execution Client
After=network.target
Wants=network.target

[Service]
Type=simple
User=inception
Group=inception
Restart=always
RestartSec=5
ExecStart=/usr/bin/geth \
  --datadir /home/inception/inception-data \
  --networkid 1805 \
  --http \
  --http.addr 127.0.0.1 \
  --http.port 8545 \
  --http.api eth,net,web3 \
  --ws \
  --ws.addr 127.0.0.1 \
  --ws.port 8546 \
  --ws.api eth,net,web3 \
  --authrpc.addr 127.0.0.1 \
  --authrpc.port 8551 \
  --authrpc.jwtsecret /home/inception/inception-data/jwt.hex \
  --syncmode snap \
  --gcmode full \
  --bootnodes "enode://[BOOTNODE_ADDRESSES]"

[Install]
WantedBy=multi-user.target

Enable and start the service:

# Reload systemd
sudo systemctl daemon-reload

# Enable service to start on boot
sudo systemctl enable geth-inception

# Start the service
sudo systemctl start geth-inception

# Check status
sudo systemctl status geth-inception

Monitoring Geth

Check Logs

# Using systemd
sudo journalctl -u geth-inception -f

# If running in terminal, logs appear in stdout

Check Sync Status

# Attach to Geth console
geth attach http://127.0.0.1:8545

# Check sync status
eth.syncing

# Check current block
eth.blockNumber

# Check peer count
net.peerCount

# Exit console
exit

Verify Engine API

The Engine API should be listening on port 8551:

# Check if port is listening
sudo netstat -tulpn | grep 8551

# Should show geth listening on 127.0.0.1:8551

Firewall Configuration

Configure your firewall to allow P2P connections while keeping RPC endpoints private:

# Allow execution layer P2P
sudo ufw allow 30303/tcp
sudo ufw allow 30303/udp

# Ensure RPC endpoints are NOT exposed
# (they should only be accessible on localhost)

# Enable firewall
sudo ufw enable

Troubleshooting

Geth Won't Start

Check common issues:

Genesis file: Ensure you initialized with the correct genesis.json
Permissions: Verify the data directory is writable
Ports: Check no other services are using ports 8545, 8546, or 8551
JWT secret: Ensure jwt.hex exists and is readable

Slow Sync

Peers: Check you have sufficient peers (net.peerCount)
Bandwidth: Ensure adequate network speed
Storage: Verify disk I/O isn't bottlenecked
Bootnodes: Confirm bootnode addresses are correct

High Disk Usage

Options to reduce disk usage:

Use --gcmode full instead of archive
Implement state pruning
Use larger disk or clean up old snapshots

No Peers

Firewall: Ensure port 30303 is open
Bootnodes: Verify bootnode addresses are correct and reachable
Network: Check your internet connection
Time sync: Ensure system time is accurate (use NTP)

Important Notes

Keep Engine API Local

The Engine API on port 8551 is the critical link between execution and consensus layers. It must:

Only listen on 127.0.0.1 (localhost)
Use JWT authentication
Never be exposed to the public internet

Resource Usage

Geth is resource-intensive during initial sync. Expect:

High CPU usage during sync
Significant bandwidth consumption
Large disk I/O
Plan accordingly and monitor resources

Next Steps

Once Geth is running and syncing:

Set up Consensus Layer: Install and configure Prysm
Generate Validator Keys: Create keys and make deposit

Prerequisites​

Installing Geth​

Ubuntu/Debian​

Build from Source​

Initialize Geth​

Download Genesis File​

Generate JWT Secret​

Running Geth​

Command Line​

Systemd Service​

Monitoring Geth​

Check Logs​

Check Sync Status​

Verify Engine API​

Firewall Configuration​

Troubleshooting​

Geth Won't Start​

Slow Sync​

High Disk Usage​

No Peers​

Important Notes​

Next Steps​

Additional Resources​